cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

derp 4

Browse Source
This commit is contained in:
cnst
2025-07-17 17:11:23 +02:00
parent 8509050503
commit 151104d696
5 changed files with 17 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/nixos/services/agenix/default.nix
View File

@@ -58,6 +58,7 @@ in {
(mkIf cfg.sobotka.enable { (mkIf cfg.sobotka.enable {
secrets = { secrets = {
cloudflareFirewallApiKey.file = "${self}/secrets/cloudflareFirewallApiKey.age"; cloudflareFirewallApiKey.file = "${self}/secrets/cloudflareFirewallApiKey.age";
cloudflareDnsApiToken.file = "${self}/secrets/cloudflareDnsApiToken.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age"; vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age"; vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age";
}; };

33
modules/server/caddy/default.nix
View File

@@ -12,11 +12,6 @@ in {
server.caddy.enable = mkEnableOption "Enables caddy"; server.caddy.enable = mkEnableOption "Enables caddy";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets.cloudflare-env = {
file = "${self}/secrets/cloudflare-env.age";
owner = "caddy";
mode = "400";
};
networking.firewall = let networking.firewall = let
ports = [80 443]; ports = [80 443];
in { in {
@@ -24,20 +19,20 @@ in {
allowedUDPPorts = ports; allowedUDPPorts = ports;
}; };
# security.acme = { security.acme = {
# acceptTerms = true; acceptTerms = true;
# defaults.email = config.server.email; defaults.email = config.server.email;
# certs.${config.server.domain} = { certs.${config.server.domain} = {
# reloadServices = ["caddy.service"]; reloadServices = ["caddy.service"];
# domain = "${config.server.domain}"; domain = "${config.server.domain}";
# extraDomainNames = ["*.${config.server.domain}"]; extraDomainNames = ["*.${config.server.domain}"];
# dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
# dnsResolver = "1.1.1.1:53"; dnsResolver = "1.1.1.1:53";
# dnsPropagationCheck = true; dnsPropagationCheck = true;
# group = config.services.caddy.group; group = config.services.caddy.group;
# environmentFile = config.age.secrets.cloudflare-env.path; environmentFile = config.age.secrets.cloudflareDnsApiToken.path;
# }; };
# }; };
services.caddy = { services.caddy = {
enable = true; enable = true;

2
modules/server/vaultwarden/default.nix
View File

@@ -15,7 +15,7 @@ in {
enable = mkEnableOption "Enables vaultwarden"; enable = mkEnableOption "Enables vaultwarden";
url = lib.mkOption { url = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "vault.${cfg.domain}"; default = "${cfg.domain}";
}; };
cloudflared = { cloudflared = {
credentialsFile = lib.mkOption { credentialsFile = lib.mkOption {

BIN
secrets/cloudflareDnsApiToken.age Normal file
View File

Binary file not shown.

1
secrets/secrets.nix
View File

@@ -14,4 +14,5 @@ in {
"vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka]; "vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka]; "cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka];
"vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka]; "vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka];
"cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];
} }